How to configure a servlet via resource type? | Community
Skip to main content
T
TB3dock
Level 8
April 18, 2021
Solved

How to configure a servlet via resource type?

  • April 18, 2021
  • 2 replies
  • 22296 views

There are several tutorials on creating sling servlets. All of them use paths, e.g.

 

 

"sling.servlet.paths=" + "/bin/readjson"

 

 

(and this can be hit on www.mysite.com/bin/readjason )

All of them say its better to use resource types, e.g. 

 

 

"sling.servlet.resourceTypes="+ "noidea",

 

 

but how do I hit the servlet?  www.mysite.com/noidea doesnt work.

What needs to be setup, and how, to use a resource type (and setup in source code  - not in the local running AEM instance, where it cannot be distributed to other instances)?  Presumably there is some configuration somewhere which ties the resource type to a URL. 

 

If you have an API with say 20 endpoints, so you have say 20 URLs, its easy to give each one its own path in the servlet directly, e.g. /bin/api/login or /bin/api/register. This concept doesn't really map onto resource type, as you would have to manually create a resource type for each endpoint, and there may be 100 endpoints in some APIs.   We assume selector could be used, or may be postfix, but the documentation implies sector should only be used to define how the result should be formatted, not what the URL endpoint is?

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by Asutosh_Jena_

    Hi @tb3dock 

     

    When we register a servlet using path, we must be specify what all paths are allowed as if we define something randomly, our servlet might not be functioning properly. Only a limited set of paths are allowed and the rest are blocked. We can add more path using Apache Sling Servlet / Script Resolver and Error Handler. Allowing more paths to execute servlets makes our application vulnerable. That’s why we should not open more doors for servlets to run until and unless it is required and cannot be achieved using resource type.


    We might also need to tell specific paths to your consumers, who are consuming servlet response using ajax and any change in that path could have a serious affect. This might not be the case when you use resourceType.

     

    Sling Engine will take care of permissions if you register servlet using Resource Type. Users who cannot access a particular resource will not be able to invoke the servlet. Path-bound servlets cannot be access controlled using the default JCR repository ACLs.

     

    @Component(service = Servlet.class, property = {"process.label=Some Servlet",
            Constants.SERVICE_DESCRIPTION + "=This Servlet is responsible for Something."})
    @SlingServletResourceTypes(resourceTypes = ServiceConstants.YOUR_SERVLET_RESOURCE_TYPE,
            methods = HttpConstants.METHOD_POST,
            extensions = "json",
            selectors = "something")
    public class SomeServlet extends SlingAllMethodsServlet {

    // Code

    }

     

    Links to refer:

    https://sling.apache.org/documentation/the-sling-engine/servlets.html#example-registration-by-resource-type-etc-1 

     

    Very detailed article:

    http://www.sgaemsolutions.com/2017/12/apache-sling-servlets-and-scripts.html

     

    Thanks!

    2 replies

    Asutosh_Jena_
    Community Advisor
    Asutosh_Jena_Community AdvisorAccepted solution
    Community Advisor
    April 18, 2021

    Hi @tb3dock 

     

    When we register a servlet using path, we must be specify what all paths are allowed as if we define something randomly, our servlet might not be functioning properly. Only a limited set of paths are allowed and the rest are blocked. We can add more path using Apache Sling Servlet / Script Resolver and Error Handler. Allowing more paths to execute servlets makes our application vulnerable. That’s why we should not open more doors for servlets to run until and unless it is required and cannot be achieved using resource type.


    We might also need to tell specific paths to your consumers, who are consuming servlet response using ajax and any change in that path could have a serious affect. This might not be the case when you use resourceType.

     

    Sling Engine will take care of permissions if you register servlet using Resource Type. Users who cannot access a particular resource will not be able to invoke the servlet. Path-bound servlets cannot be access controlled using the default JCR repository ACLs.

     

    @Component(service = Servlet.class, property = {"process.label=Some Servlet",
            Constants.SERVICE_DESCRIPTION + "=This Servlet is responsible for Something."})
    @SlingServletResourceTypes(resourceTypes = ServiceConstants.YOUR_SERVLET_RESOURCE_TYPE,
            methods = HttpConstants.METHOD_POST,
            extensions = "json",
            selectors = "something")
    public class SomeServlet extends SlingAllMethodsServlet {

    // Code

    }

     

    Links to refer:

    https://sling.apache.org/documentation/the-sling-engine/servlets.html#example-registration-by-resource-type-etc-1 

     

    Very detailed article:

    http://www.sgaemsolutions.com/2017/12/apache-sling-servlets-and-scripts.html

     

    Thanks!

      T
      TB3dockAuthor
      Level 8
      April 18, 2021

      Thanks for the reply; Everything you have said I already know - writing the servlet to use a resource type is easy, but there are no tutorials or guides which tell you how to do the magic step of configuring the resource type and mapping it to a path. This is the missing from every servlet tutorial unfortunately, and means we have to use the path option. In your example you have "

      ServiceConstants.YOUR_SERVLET_RESOURCE_TYPE

      Where does this come from? where is  is YOUR_SERVLET_RESOURCE_TYPE defined and linked to a path?

        Anudeep_Garnepudi
        Community Advisor
        Anudeep_GarnepudiCommunity Advisor
        Community Advisor
        April 27, 2021

        @tb3dock 

        Registering Servlet using ResourceType:

        I have a component Demo (/apps/ata/components/demo). Now am registering the Servlet with the resource type of my demo component.

        import javax.servlet.Servlet; import org.apache.sling.api.SlingHttpServletRequest; import org.apache.sling.api.SlingHttpServletResponse; import org.apache.sling.api.servlets.HttpConstants; import org.apache.sling.api.servlets.SlingSafeMethodsServlet; import org.apache.sling.servlets.annotations.SlingServletResourceTypes; import org.osgi.service.component.annotations.Component; import org.osgi.service.component.propertytypes.ServiceDescription; @Component(service = { Servlet.class }) @SlingServletResourceTypes( resourceTypes="ata/components/demo", methods=HttpConstants.METHOD_GET, extensions="txt") @ServiceDescription("Demo Component ResourceType Servlet") public class DemoResourceTypeServlet extends SlingSafeMethodsServlet{ @Override public void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) { //Code } }

        How to hit the servlet registered using ResourceType:

        • Drop the demo component in a page (ex: /content/en/us/test)
        • Copy the path till the demo component (ex: /content/en/us/test/_jcr_content/par/demo)
        • Here we registered with extension txt, so add txt extension to above path and hit (ex: /content/en/us/test/_jcr_content/par/demo.txt)
        • Request URL: /content/en/us/test/_jcr_content/par/demo.txt

        Servlet can be registered using html and json extension as well. Refer: https://sling.apache.org/documentation/the-sling-engine/servlets.html#example-registration-by-resource-type-etc

         

          Terms & ConditionsAccessibility statement

          Loading footer...